Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) is a security protocol and security certification program developed by the Wi-Fi Alliance to secure wireless computer networks, providing stronger data encryption and user authentication than its predecessor, WEP.

What is Wi-Fi Protected Access (WPA)?

Wi-Fi Protected Access (WPA) refers to a family of security protocols designed to secure wireless local area networks (WLANs). Developed by the Wi-Fi Alliance, WPA was introduced as a security certification program to replace the deeply flawed Wired Equivalent Privacy (WEP) protocol. WPA uses encryption and authentication mechanisms to protect data transmitted over wireless networks, ensuring that only authorized users can access the network and that the data remains confidential and unaltered during transmission.

WPA initially relied on the Temporal Key Integrity Protocol (TKIP), which dynamically rotates encryption keys rather than using a single static key like WEP. It also introduced a Message Integrity Check (MIC) to detect and prevent packet tampering. Over time, the WPA family has expanded to include WPA2 and WPA3, each offering progressively stronger security measures.

Why is WPA Important for Wireless Security?

WPA is critically important because wireless networks are inherently more vulnerable than wired connections. Radio signals can be intercepted by anyone within range, making robust encryption and authentication essential. Before WPA, the WEP protocol was the standard for Wi-Fi security, but its static key system was found to be easily crackable with widely available tools.

WPA addressed these vulnerabilities by introducing:

  • Dynamic key generation: TKIP creates a new key for each data packet, dramatically increasing the difficulty of unauthorized decryption.
  • Message Integrity Check (MIC): Prevents attackers from capturing, modifying, and resending data packets.
  • Improved authentication: Supports both pre-shared key (PSK) mode for home use and enterprise-grade authentication via RADIUS servers, as documented by Cisco and the National Institute of Standards and Technology (NIST).

How Does Wi-Fi Protected Access Work?

WPA operates by encrypting data between a wireless device and the access point (router). The process involves two primary components:

  1. Authentication: In WPA-PSK (Personal) mode, all users share a single passphrase to connect. In WPA-Enterprise mode, each user authenticates individually through a RADIUS server, providing unique credentials.
  2. Encryption: Once authenticated, WPA encrypts data using TKIP (in WPA1) or the more robust Advanced Encryption Standard (AES) in WPA2 and WPA3. AES is a block cipher adopted by the U.S. government and widely considered infeasible to break with current technology.

Practical examples include:

  • A home router configured with WPA2-PSK or WPA3-PSK (recommended) to protect the family's internet connection from unauthorized access.
  • An enterprise network using WPA2-Enterprise with a RADIUS server to authenticate each employee's device individually before granting network access.

When Was WPA First Introduced?

WPA was first introduced in 2003 by the Wi-Fi Alliance as an interim solution while the full IEEE 802.11i security standard was being finalized. WEP's vulnerabilities had become well-known, and the industry needed a rapid response. WPA served as a bridge, providing substantially improved security using existing hardware with firmware updates.

The timeline of WPA versions is as follows:

  • WPA (WPA1) — 2003: Used TKIP encryption; a significant improvement over WEP.
  • WPA2 — 2004: Introduced mandatory AES encryption based on the finalized IEEE 802.11i standard. It became the dominant Wi-Fi security protocol for over a decade.
  • WPA3 — 2018: Added stronger protections including Simultaneous Authentication of Equals (SAE), which replaces the PSK handshake and provides better protection against offline dictionary attacks.

Which WPA Version Is Most Secure?

WPA3 is the most secure version currently available. According to the Wi-Fi Alliance, WPA3 offers several key enhancements over its predecessors:

  • SAE handshake: Provides forward secrecy, meaning that even if a passphrase is later compromised, previously captured traffic cannot be decrypted.
  • 192-bit security suite: Available in WPA3-Enterprise mode for environments requiring the highest levels of security, such as government and financial institutions.
  • Protection on open networks: WPA3 introduces Opportunistic Wireless Encryption (OWE), which encrypts traffic even on open (public) Wi-Fi networks without requiring a password.
  • Resistance to brute-force attacks: WPA3 limits the number of authentication attempts, making offline password-guessing attacks impractical.

While WPA3 is recommended for all new deployments, WPA2 with AES remains widely used and is still considered secure for most applications. WPA1 (with TKIP) and WEP should be avoided entirely, as both have known, exploitable vulnerabilities.
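
The recommendations above can be turned into a configuration check. The following is an added example, not part of the original page: it rates access-point settings written in hostapd-style key=value form (wpa, wpa_key_mgmt, wpa_pairwise, rsn_pairwise, wep_key*). The sample configurations, the verdict labels and the "state the cipher explicitly" rule are assumptions of this example.

```python
# Added example: rate hostapd-style access-point settings against the
# guidance above (WEP/WPA1/TKIP: fix; WPA2+AES: acceptable; WPA3: recommended).
WPA3_ONLY = {"SAE", "WPA-EAP-SUITE-B-192"}  # WPA3-Personal / WPA3-Enterprise 192-bit

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (verdict, findings) for one access-point configuration."""
    conf = parse_conf(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA1, bit 1 = WPA2/WPA3 (RSN)
    key_mgmt = set(conf.get("wpa_key_mgmt", "").split())
    ciphers = set(conf.get("wpa_pairwise", "").split())
    ciphers |= set(conf.get("rsn_pairwise", "").split())
    uses_wep = any(key.startswith("wep_key") for key in conf)
    findings = []
    if uses_wep:
        findings.append("WEP static key configured")
    elif wpa == 0:
        findings.append("no WPA: traffic is sent unencrypted")
    if wpa & 1:
        findings.append("WPA1 enabled: set wpa=2")
    if "TKIP" in ciphers:
        findings.append("TKIP offered: restrict pairwise ciphers to CCMP (AES)")
    if wpa and not ciphers:
        # Policy choice of this example: never rely on a default cipher.
        findings.append("pairwise cipher not stated: set rsn_pairwise explicitly")
    if findings:
        return "fix", findings
    if key_mgmt and key_mgmt <= WPA3_ONLY:
        return "recommended", findings
    return "acceptable", findings

# Constructed sample configurations (passphrase lines omitted).
LEGACY = "ssid=example-legacy\nwpa=3\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP CCMP\n"
WPA2_AES = "ssid=example-office\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"
WPA3_SAE = "ssid=example-home\nwpa=2\nwpa_key_mgmt=SAE\nrsn_pairwise=CCMP\nieee80211w=2\n"

if __name__ == "__main__":
    for name, sample in [("legacy", LEGACY), ("wpa2", WPA2_AES), ("wpa3", WPA3_SAE)]:
        verdict, findings = audit(sample)
        print(f"{name}: {verdict} {findings}")
```

A configuration that lists both SAE and WPA-PSK is rated "acceptable" rather than "recommended", because clients can still join with the older PSK handshake.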